eset smart security - hidden icmp tunnel


Postby rog » 27.10.2018, 17:53

An alert in ESET Smart Security said that wsusoffline is creating a hidden ICMP tunnel.
It is always generated when I start UpdateInstaller.exe.
I need information: what data is sent to 185.160.0.158?
rog
 
Posts: 4
Joined: 18.06.2018, 11:52

Re: eset smart security - hidden icmp tunnel

Postby aker » 27.10.2018, 22:15

UpdateGenerator or UpdateInstaller? (please double check)

The Installer does not contact the internet in any way (or at least it shouldn't) [Source code for version 11.5: http://trac.wsusoffline.net/trac.fcgi/browser/tags/wsusoffline11.5/client/UpdateInstaller.au3].
It could be some misbehaviour of AutoIt3, but I don't know any reason why it should try to connect to 185.160.0.158 (== wsusoffline.net).

Could you download wsusou's source code from here, manually compile it using "CompileAutoItScripts.cmd" and check whether it still tries to connect to the internet?
Last edited by aker on 28.10.2018, 09:12, edited 1 time in total.
Reason: Fixed typo
Whoever finds spelling mistakes may keep them or auction them off to the highest bidder. / Everybody finding a misspelling is allowed to sell it.
aker
 
Posts: 3056
Joined: 02.03.2011, 16:32
Location: %SystemRoot%\System32\Boot\winload.efi

Re: eset smart security - hidden icmp tunnel

Postby boco » 28.10.2018, 03:14

UpdateInstaller, when started, makes a short ping to wsusoffline.net (185.160.0.158), to check if you are online. It shows (or hides) the Donate button if you are (not).


Around line 746:
If (MyIniRead($ini_section_misc, $ini_value_showdonate, $enabled) = $disabled) OR (Ping($wou_hostname) = 0) Then
  GUICtrlSetState(-1, $GUI_HIDE)
EndIf


@WSUSUpdateAdmin: Could you nest that IF statement? If the user has ShowDonate option in INI file set to 0, there's no need to ping at all.

I could not detect other places where it pings. Pinging by design does not send or receive data beyond the limited information in the Ping and Pong packets and what the TCP/IP protocol requires.
Microsoft update catalog: http://catalog.update.microsoft.com/v7/site/
Windows Install media download: https://support.microsoft.com/en-us/help/15088/windows-create-installation-media
boco
 
Posts: 2016
Joined: 24.11.2009, 18:00
Location: Germany
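
Added example (not part of the thread and not WSUS Offline's code): to see what a particular ping actually carries, parse the captured ICMP echo message and look at the bytes after its 8-byte header. The sample packets are constructed, and the padding heuristic is an assumption; the thread does not state which payload AutoIt's Ping() sends.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request (type 8) so the samples below are valid."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = inet_checksum(struct.pack("!BBH", 8, 0, 0) + body)
    return struct.pack("!BBH", 8, 0, csum) + body

def is_padding(payload: bytes) -> bool:
    """Assumed heuristic: every byte repeats the previous one, counts up
    by one, or restarts at the first byte (Windows ping: 'abc...wabc...')."""
    return all(b in (a, (a + 1) & 0xFF, payload[0])
               for a, b in zip(payload, payload[1:]))

def inspect_echo(icmp: bytes) -> dict:
    """Summarise one ICMP message (IP header already stripped)."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if typ not in (0, 8) or code != 0:
        raise ValueError("not an echo request or reply")
    payload = icmp[8:]
    return {
        "kind": "request" if typ == 8 else "reply",
        "id": ident,
        "seq": seq,
        "checksum_ok": inet_checksum(icmp) == 0,
        "payload_len": len(payload),
        "padding_only": is_padding(payload),
        "preview": payload[:16],
    }

# Constructed samples, not captures from UpdateInstaller.exe.
PING_LIKE = build_echo(1, 1, b"abcdefghijklmnopqrstuvwabcdefghi")
DATA_LIKE = build_echo(1, 2, b"GET /index.html HTTP/1.1\r\nHost: example.test")

if __name__ == "__main__":
    for name, pkt in (("ping-like", PING_LIKE), ("data-like", DATA_LIKE)):
        print(name, inspect_echo(pkt))
```

A short payload that is only padding, with a valid checksum, is what an ordinary reachability ping looks like; a payload that fails the padding check is the part worth reading by hand.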

Re: eset smart security - hidden icmp tunnel

Postby rog » 05.11.2018, 14:31

UpdateInstaller.exe

Where can I test the ShowDonate option to disable this?
rog
 
Posts: 4
Joined: 18.06.2018, 11:52

Re: eset smart security - hidden icmp tunnel

Postby boco » 05.11.2018, 14:57

The Ping can not be disabled, currently, in the official build.

You can, however, change the mentioned lines from

Code:
If (MyIniRead($ini_section_misc, $ini_value_showdonate, $enabled) = $disabled) OR (Ping($wou_hostname) = 0) Then
  GUICtrlSetState(-1, $GUI_HIDE)
EndIf


to

Code:
If (MyIniRead($ini_section_misc, $ini_value_showdonate, $enabled) = $disabled) Then
  GUICtrlSetState(-1, $GUI_HIDE)
EndIf


Then, you need to manually compile the UpdateInstaller.au3 file to an .EXE file, using the AutoIt3 suite.


Then, add the following to the UpdateInstaller.ini file:

Code:
[Miscellaneous]

(ONLY if it does not exist yet!)

and, under it:
Code:
showdonate=0
boco
 
Posts: 2016
Joined: 24.11.2009, 18:00
Location: Germany

Re: eset smart security - hidden icmp tunnel

Postby rog » 05.11.2018, 15:25

Thank you.
rog
 
Posts: 4
Joined: 18.06.2018, 11:52

